What Is Claimed Is: 



1. A method for checking the safety and reliability of software-based electronic systems, 
using a reliability function for checking the functions of the system (30) that are 
called for, based on the hardware components of the system (30) required for this, 
wherein a reliability function for calculating the reliability of at least one of the 
functions called for of the system (30) and an additional reliability function for 
calculating the reliability of at least one of the safety functions of the system (30) are 
determined, for the determination of these reliability functions, software components 
(41, 42, 43, 44) of the system being taken into joint consideration, with the aid of the 
hardware components to which these software components (41, 42, 43, 44) are 
distributed. 

2. The method as recited in Claim 1, 

wherein a reliability function is determined for all the functions of the system (30) 
called for. 

3. The method as recited in Claim 1 or 2, 

wherein a reliability function is determined for all the safety functions of the system 
(30). 

4. The method as recited in one of Claims 1 through 3, 

wherein the values of the two reliability functions are calculated for a certain system 
architecture. 

5. The method as recited in Claim 4, 

wherein the system architecture is changed by one or more of the following 
components: the establishment of the hardware components necessary for 
implementing the system functions and the safety functions called for; the 
establishment of the software components necessary for implementing the system 
functions and the safety functions called for; and the assignment of the software 
components to hardware components. 

6. The method as recited in Claim 4 or 5, 

wherein the system architecture is optimized with the aid of a maximization of the 
calculated reliabilities for the system functions called for at different system 
architectures. 

7. The method as recited in Claim 4, 5, or 6, 

wherein the system architecture is optimized with the aid of a maximization of the 
calculated reliabilities for the safety functions of the system at various system 
architectures. 

8. The method as recited in one of Claims 1 through 7, 

wherein a reliability function is determined using a reliability block diagram. 

9. The method as recited in one of Claims 1 through 8, 

wherein the system functions called for are monitored by monitoring functions for 
monitoring these system functions, the monitoring functions, on their part, being 
monitored by system monitoring functions. 

10. The method as recited in Claim 9, 

wherein the system monitoring functions at least partially monitor the system section 
(31) which includes the monitoring functions for monitoring the system functions. 

11. The method as recited in Claim 10, 

wherein the system monitoring functions are distributed to two system sections (31, 
32), of which one system section (31) includes the system functions called for, as well 
as their monitoring functions. 

12. The method as recited in Claim 11, 

wherein both system sections (31, 32) monitor each other via the system monitoring 
functions. 

13. The method as recited in one of Claims 1 through 12, 

wherein the following steps are carried out for the checking of the safety and the 
reliability of the system (30): 

establishing the hardware components of the system (30) and their 
networking, especially specifying the microcontrollers (31, 32) and their networking; 

establishing software components (41, 42, 43, 44) of the system (30), which 
are required for implementing the system functions and the safety functions of the 
system (30), and specifying the communication between the software components 
(41, 42, 43, 44); 

assigning the software components (41, 42, 43, 44) to hardware components, 
especially to the microcontrollers (31, 32) of the system (30); 

setting up reliability block diagrams (45, 46, 47) for the functions of the system (30) 
called for, including the safety functions, starting from the hardware components and 
hardware connections; 

calculating the reliability for the safety functions and the reliability for all the 
functions of the system (30) called for, for the verification of the safety and the 
reliability of the system (30). 

14. The method as recited in Claim 13, 

wherein as an additional step, the system architecture, that is, the software network 
and the hardware network, as well as the assignment of the software components to 
hardware components is corrected, and the steps according to Claim 13 are repeated. 
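The procedure of Claims 13 and 14, worked through as an added Python example that is not part of the patent text: two microcontrollers joined by a bus, four software components, a system function and a redundant safety function, a reliability block diagram evaluated per function from the hardware the function's components are assigned to, and an exhaustive search over assignments that repeats the evaluation for every architecture. The component names, the mission-time reliability values, the bus, the independence of hardware failures and the ranking of safety reliability ahead of system reliability are all assumptions made for the example.

```python
"""Reliability block diagram (RBD) evaluation for a software/hardware architecture.

Modelling assumptions, not taken from the claims: every hardware block has a
fixed mission-time reliability and fails independently; a software component
works whenever its host microcontroller works; a function is available when,
for at least one of its alternative paths, every software component on that
path and every hardware link between their hosts is intact.
"""
from itertools import product

# Constructed sample hardware: two microcontrollers and the bus joining them.
HARDWARE = {"uC1": 0.99, "uC2": 0.98, "bus": 0.999}
CONTROLLERS = ("uC1", "uC2")
LINK = "bus"  # assumed name of the inter-controller connection

# Constructed software components (the claims' 41..44) and the functions they
# implement. Each function is a list of alternative paths (parallel blocks);
# a path is the set of components that must all work (series blocks).
SOFTWARE = ("SW41", "SW42", "SW43", "SW44")
FUNCTIONS = {
    "system_function": [{"SW41", "SW42"}],
    "safety_function": [{"SW43"}, {"SW44"}],  # two redundant monitors
}


def blocks_for_path(path, assignment):
    """Hardware blocks a path depends on: the hosts of its components, plus the
    link when the components are spread over more than one controller."""
    hosts = {assignment[sw] for sw in path}
    return hosts | ({LINK} if len(hosts) > 1 else set())


def function_reliability(paths, assignment, hw=HARDWARE):
    """Exact RBD evaluation by enumerating every up/down state of the hardware.

    Enumeration is exponential in the number of blocks, but it stays correct
    when redundant paths share a host; the closed-form parallel formula does not.
    """
    names = sorted(hw)
    needed = [blocks_for_path(p, assignment) for p in paths]
    total = 0.0
    for states in product((True, False), repeat=len(names)):
        up = {n for n, ok in zip(names, states) if ok}
        prob = 1.0
        for n, ok in zip(names, states):
            prob *= hw[n] if ok else 1.0 - hw[n]
        if any(req <= up for req in needed):
            total += prob
    return total


def naive_parallel_estimate(paths, assignment, hw=HARDWARE):
    """Series/parallel closed form that wrongly treats the paths as independent;
    it overestimates reliability when redundant paths share a controller."""
    q = 1.0
    for p in paths:
        r = 1.0
        for b in blocks_for_path(p, assignment):
            r *= hw[b]
        q *= 1.0 - r
    return 1.0 - q


def evaluate(assignment, functions=FUNCTIONS, hw=HARDWARE):
    """Reliability of every function called for, under one assignment."""
    return {name: function_reliability(paths, assignment, hw)
            for name, paths in functions.items()}


def optimise_assignment(software=SOFTWARE, controllers=CONTROLLERS,
                        functions=FUNCTIONS, hw=HARDWARE):
    """Try every software-to-controller assignment and keep the one that
    maximises the safety function's reliability first and the system
    function's second (this ranking is an assumption of the example)."""
    best, best_score, best_vals = None, None, None
    for hosts in product(controllers, repeat=len(software)):
        assignment = dict(zip(software, hosts))
        vals = evaluate(assignment, functions, hw)
        score = (vals["safety_function"], vals["system_function"])
        if best_score is None or score > best_score:
            best, best_score, best_vals = assignment, score, vals
    return best, best_vals


if __name__ == "__main__":
    everything_on_uc1 = {sw: "uC1" for sw in SOFTWARE}
    print("all on uC1:", evaluate(everything_on_uc1))
    print("naive safety estimate:",
          naive_parallel_estimate(FUNCTIONS["safety_function"], everything_on_uc1))
    print("best assignment:", *optimise_assignment())
```

With both monitors on the same controller the exact evaluation gives the safety function the controller's own reliability, 0.99, while the closed-form parallel formula reports 0.9999; the redundancy only counts once the monitors are split across the two microcontrollers, and the search finds exactly that architecture while keeping the two components of the system function co-located to avoid depending on the bus.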

15. A use of a method as recited in one of Claims 1 through 14, for assigning software 
components (41, 42, 43, 44) to hardware components, such as microcontrollers (31, 
32), in a distributed and networked system (30). 

16. The use of a method as recited in one of Claims 1 through 14, for establishing the 
system architecture of a control unit (30), such as an engine control unit. 

17. A computer program having program code means in order to carry out all the steps of 
a method as recited in one of Claims 1 through 14, when the computer program is 
executed on a computer or an appropriate computing unit. 

18. A computer program product having program code means, which are stored on a 
computer-readable data carrier in order to carry out all the steps of a method as recited 
in one of Claims 1 through 14, if the computer program product is executed on a 
computer or an appropriate computing unit. 